68d35e54dfeed830ec119b78f61af992 | Triage

Sharing

General

Target

68d35e54dfeed830ec119b78f61af992
Size

4.3MB
MD5

68d35e54dfeed830ec119b78f61af992
SHA1

49baa8c0081ae25e05fa9f6d27f4e84c4773a77a
SHA256

f0a1ec7d501bcdb83c63b84d3ec1fd7ffb90e78a31ffeda9182c34e1d7eee543
SHA512

c7e41b7095c47b23a380cbb9da3d2513102f2081cb4a1ae5d87aba5866005286f90f01d04ad1ca8986a743623c72aa87378c06c505057c5bbf77ba0549977d8c
SSDEEP

98304:a7YLLWh9a/w4MeWSuoQyK5G+SwSXJezFasO8lBJ3FRsFR:a7YWhsIrSuuIG+EZE/lBJ3O

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

68d35e54dfeed830ec119b78f61af992

Files

68d35e54dfeed830ec119b78f61af992
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 109KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ